Paxful, Inc. Privacy Notice

Paxful, Inc. (also referred to as “Paxful,” “we,” “us,” or “our”) takes steps to protect your privacy. In this Privacy Notice (“Notice”), we describe the types of personal information we may collect from you in connection with your use of our websites including, but not limited to, https://paxful.com/, the Paxful Wallet, our online bitcoin trading platform, mobile application, social media pages, or other online properties (collectively, the “Website”), or when you use any of the products, services, content, features, technologies, or functions we offer (collectively, the “Services”).

This Notice is designed to help you obtain information about our privacy practices and to help you understand your privacy choices when you use our Website and Services. Please note that our Service offerings may vary by region.

For all purposes, the English language version of this privacy notice shall be the original, governing instrument. In the event of any conflict between the English language version of this privacy notice and any subsequent translation into any other language, the English language version shall govern and control.

Personal information we collect

We collect information that relates to you (“Personal Data”) in connection with your use of the Website, our Services. or otherwise in the context of our relationship with you. The types of Personal Data that we may obtain from you may include:

Biographical Data, including:

  • Name
  • Email Address
  • Phone Number
  • Country
  • Full Address
  • Date of Birth

Paxful Account Details, including:

  • Username
  • User Profile Information in the “Bio” section
  • Profile Picture
  • Joined Date
  • Default Currency
  • Time Zone
  • Default Language

Paxful Account Activity, including:

  • Trade Chat Messages (which may contain financial information if you provide it to sellers)
  • Trade Chat Attachments
  • Trade Activity
  • Transaction History
  • Affiliate Name
  • Affiliate ID
  • Affiliate Link
  • Affiliate Transactions
  • Offers Created
  • Offer Terms
  • Trade Instructions
  • Account Notifications
  • Account Status

Data relating to your Digital asset wallet, including:

  • Private Keys
  • Public Keys
  • Wallet Balance
  • Transactions received
  • Transactions sent

Data Collected in connection with “Know Your Customer” (KYC) Compliance, including:

  • Government-issued ID
  • Proof of Address
  • Photographs, if you elect to provide them to us
  • Video, if you elect to provide them to us

Device and Website Usage Data, including:

  • IP Addresses
  • Cookie ID and/or other device identifiers
  • Information relating to your access to the Website, such as device characteristics, date & time
  • Language preferences
  • Information on actions taken while using the Website

Mobile application usage data, including:

  • Session data: IP address, version of the operating system, brand and model of the device, unique identifiers of the device, browser used, information about the time the Application was accessed, name and parameters of the network connection.
  • Information about applications installed on the User’s device (metadata from applications): application name, application identifier and version, device identifier and checksum. Detecting malicious apps and protecting users from fraud are the main reasons for collecting information about installed apps.
  • Information on actions taken while using the mobile application
  • Crash and application errors diagnostics data

How we use your data

The business purposes for which we collect, use, retain, and share your Personal Data may include:

  • To provide Services through operating the Website, including to:
    • Register, create, and maintain your account;
    • Authenticate your identity and/or your access to an account, or help sellers verify your identity;
    • Initiate, facilitate, process, and/or execute transactions;
    • Communicate with you regarding your account or any Services you use;
    • Perform creditworthiness, KYC, or other similar reviews;
    • Evaluate applications; or
    • Compare information for accuracy and verification purposes.
  • To manage risk and protect you, other persons, and the Website and Services.
  • To provide a personalized experience and implement your preferences.
  • To better understand customers and how they use and interact with the Website and Services.
  • To market to you.
  • To provide personalized Services, offers, and promotions on our Website and third-party websites.
  • To provide you with location-specific options, functionalities, and offers.
  • To comply with our policies and obligations, including, but not limited to, disclosures and responses in response to any requests from law enforcement authorities and/or regulators in accordance with any applicable law, rule, regulation, judicial or governmental order, regulatory authority of competent jurisdiction, discovery request or similar legal process.
  • To resolve disputes, collect fees, or troubleshoot problems.
  • To provide customer service to you or otherwise communicate with you.
  • To manage our business.

We may also process Personal Data for other purposes based upon your consent when required by applicable law.

Sources from which we collect personal data

We collect Personal Data from a number of sources, including

  • Directly from you: We collect Personal Data directly from you when you use our Website or Services, communicate with us, or interact directly with us.
  • From service providers and/or data processors who assist us in providing the Website or the Services: We may engage service providers to assist us in facilitating the Website or the Services to you, at our direction and on our behalf. These service providers may collect information about you and provide it to us.
  • From other users on the Paxful Website or from affiliates integrated with the Paxful Website or Services: Other users may provide us with information about you in connection with transactions or chats. Affiliates may also provide information to us about you related to your interactions or transactions with such affiliates.
  • From third-parties who may help us verify identity, prevent fraud, and protect the security of transactions.
  • From third-parties who may help us evaluate your creditworthiness or financial standing.
  • From third-parties who may help us analyze Personal Data, improve the Website or the Services or your experience on it, market products or services, or provide promotions and offers to you.
  • From social media platforms, if you interact with us through social media.

How we share data

Under certain circumstances, we may disclose certain Personal Data with other persons. The categories of persons with whom we may share Personal Data include:

  • Service providers and/or data processors: We may share Personal Data with third-party service providers that perform services and functions at our direction and on our behalf. These third-party service providers may, for example, provide you with Services, verify your identity, assist in processing transactions, send you advertisements for our products and Services, or provide customer support.
  • Other parties to transactions, such as sellers: We may share information with the other participants to your transactions, including other users from whom you are purchasing the digital asset.
  • Financial institutions and other companies involved in helping you make payments in connection with transactions
  • Affiliates that receive referrals from our Website
  • Other third-parties for our business purposes or as permitted or required by law, including:
    • To comply with any legal, regulatory or contractual obligation, or with any legal or regulatory process (such as a valid court order or subpoena);
    • To establish, exercise, or defend legal claims;
    • In response to a request by a government agency, such as law enforcement authorities or a judicial order;
    • To enforce our Website Terms of Service or our internal policies;
    • To prevent physical harm or financial loss, in connection with an investigation of suspected or actual illegal activity, or to otherwise protect our or others’ rights, property, or safety;
    • To facilitate a purchase or sale of all or part of Paxful’s business. For example, by sharing data with a company we plan to merge with or be acquired by; or
    • To support our audit, compliance, and corporate governance functions.

International transfers of data

Please note that we may transfer Personal Data we collect about you to countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your Personal Data to other countries, we take steps designed to ensure that the transfer is in accordance with applicable law.

Cookies and online advertising

  • A cookie is a small text file that a website saves on your computer or mobile device when you visit the website.
  • Our Website uses cookies and tracking technologies to operate, and to target advertising that may be of interest to you. For further information, please refer to our Cookie Policy.
  • Paxful may partner with third-party ad networks to either display advertising on the Paxful Website or on third-party websites. These websites and third-party ad networks are not controlled by Paxful. Ad network partners use data technologies to collect information about your online activities to provide you targeted advertising based upon your interests. If you wish not to have this information used for the purpose of serving you targeted ads, you may be able to opt-out by visiting:

Please note this does not opt you out from being served advertising; you will continue to receive generic ads that are not based on your specific interests. You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Website, but your ability to use some features or areas of our Website may be limited.

Data retention

We retain Personal Data for the period necessary for the purposes for which it was collected, or for such periods as required by applicable law. This may involve retaining Personal Data for periods following a transaction. We make efforts to delete your Personal Data once it is no longer required for any of the business purposes described above.

Data security

Paxful has implemented safeguards designed to protect your Personal Data, including measures designed to prevent Personal Data against loss, misuse, and unauthorized access and disclosure. Still, Paxful cannot ensure or warrant the security or confidentiality of information you transmit to us or receive from us by Internet or wireless connection. Transferring data through the Internet always carries some risk, even if Paxful makes efforts to protect data once it has received it.

Children under 18 years of age

Paxful’s Website is not intended for children under the age of 18. We do not knowingly collect data from children under the age of 18 without verified parental consent. If we learn that we have collected information, including Personal Data, from an individual under 18 years of age without parental consent, we will delete that information immediately.

Modifications to the privacy notice

Paxful reserves the right to change this Notice from time to time. We will notify you of modifications to this Notice by posting a revised version of this Notice here, by email, or by means of a prominent notice on the Paxful Website home page. We recommend that you periodically check the Website for any changes.

Contact us

If you have any questions about this Notice, or wish to make an inquiry with us regarding Personal Data or privacy, please contact us at: [email protected]

EEA Addendum

The following disclosures apply to, and are intended exclusively for, individuals who reside within the European Economic Area (EEA).

Data Controller

The controller for your Personal Data is Paxful, Inc.

Legal Bases for Processing Personal Data

  • To the extent we use Personal Data to perform contractual obligations or requests made by you in connection with a contract, Article 6(1)(b) of the General Data Protection Regulation (“GDPR”) is the legal basis for our data processing.
  • To the extent we use Personal Data to comply with a legal obligation under EU or Member State law, Article 6(1)(c) of the GDPR is the legal basis for our data processing.
  • To the extent we use Personal Data to protect the vital interests of individuals, Article 6(1)(d) of the GDPR is the legal basis for our data processing.
  • To the extent we use Personal Data in pursuit of our legitimate business interests, Article 6(1)(f) of the GDPR is the legal basis for our data processing. A list of our legitimate business interests is in the above section titled “How We Use Your Data”.

European Data Protection Rights

European law provides you with certain rights with respect to your Personal Data, including:

  • The right to request access to and rectification of your Personal Data.
  • The right to request that Paxful delete certain Personal Data relating to you.
  • The right to data portability, which includes the right to request that certain Personal Data you have provided to us be transferred from us to another data controller.
  • The right to withdraw any consent you have provided to Paxful to collect, use, or share your data at any time. Please note that withdrawing consent does not affect the lawfulness of Paxful processing your Personal Data before your withdrawal.
  • The right to object to Paxful’s processing of your Personal Data, based on grounds specific to your particular situation.
  • The right to request that Paxful restrict the processing of your Personal Data, if certain statutory conditions for restriction are met.
  • The right to lodge a complaint with a European supervisory authority.

Please note that applicable law may provide exceptions to any of these rights, permit Paxful to decline your request, or permit Paxful to extend the period in which it can act on your request. Paxful may also contact you to verify your identity, as permitted by law, prior to acting on your request. To exercise any of these rights, please contact us as set forth in the above section titled “Contact Us”.

International Transfers

We may transfer Personal Data relating to EEA residents to countries that have not been found by the European Commission to provide adequate protection, including the United States. For any such transfers, Paxful implements safeguards designed to ensure that your Personal Data receives an adequate level of protection. If you are located in the EEA, Paxful will only transfer your Personal Data if: the country to which the Personal Data will be transferred has been granted a European Commission adequacy decision; the recipient of the Personal Data is located in the United States and has certified to the US-EU Privacy Shield Framework; Paxful has put in place appropriate safeguards in respect of the transfer, for example by entering into EU Standard Contractual Clauses with the recipient, or; an applicable statutory exception to the GDPR general transfer prohibition applies. To obtain a copy of the mechanisms that Paxful has executed to support its transfers of personal data outside the EEA, contact us as set forth in the above “Contact Us” section.

California Addendum

The following disclosures apply to, and are intended exclusively for, residents of the State of California.

Your California Privacy Rights

To the extent that we disclose certain personally identifiable information about you to third parties who use it for their direct marketing purposes, you have a right to request further information about the recipients of your information. To exercise this right, please contact us as described in the above section titled “Contact Us.”

Do Not Track Disclosure

Our Website is not designed to respond to “Do Not Track” signals or requests.

Facts What does Paxful do with your personal information?
Why?

Financial companies choose how they share your personal information. Federal law gives consumers the right to limit some but not all sharing. Federal law also requires us to tell you how we collect, share, and protect your personal information. Please read this notice carefully to understand what we do.

What?

The types of personal information we collect and share depend on the product or service you have with us. This information can include:

  • Social Security number or account balances
  • Payment history or transaction history
  • Credit history or credit scores

When you are no longer our customer, we continue to share your information as described in this notice.

How?

All financial companies need to share customers' personal information to run their everyday business. In the section below, we list the reasons financial companies can share their customers' personal information; the reasons Paxful chooses to share; and whether you can limit this sharing.


Reasons we can share your personal information

Does Paxful share?

Can you limit this sharing?

For our everyday business purposes - such as to process your transactions, maintain your account(s), respond to court orders and legal investigations, or report to credit bureaus

Yes

No

For our marketing purposes - to offer our products and services to you

Yes

No

For joint marketing with other financial companies

Yes

No

For our affiliates' everyday business purposes - information about your transactions and experiences

Yes

No

For our affiliates' everyday business purposes - information about your creditworthiness

No

We don't share

For nonaffiliates to market to you

No

We don't share

Questions?

Go to www.paxful.com

Who we are

Who is providing this notice?

The privacy notice is provided by Paxful and is applicable to your personal Paxful account.

What we do

How does Paxful protect my personal information?

To protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.

How does Paxful collect my personal information?

We collect your personal information, for example, when you

  • open an account or provide account information
  • give us contact information or make a transfer
  • use your Paxful account to send or receive funds

We also collect personal information from others, such as credit bureaus, affiliates, and other companies.

Why can’t I limit all sharing?

Federal law gives you the right to limit only

  • sharing for affiliates' everyday business purposes — information about your creditworthiness
  • affiliates from using your information to market to you
  • sharing for nonaffiliates to market to you

State laws and individual companies may give you additional rights to limit sharing. See below for more on your rights under state law.

Definitions

Affiliates

Companies related by common ownership or control. They can be financial and nonfinancial companies.

  • Our affiliates include companies under common control of Paxful Holdings, Inc.

Nonaffiliates

Companies not related by common ownership or control. They can be financial and nonfinancial companies.

  • Nonaffiliates with which we share personal information include service providers that perform services or functions on our behalf.

Joint marketing

A formal agreement between nonaffiliated financial companies that together market financial products or services to you.

  • Our joint marketing partners include financial companies.

Other important information

We may transfer personal information to other countries, for example, for customer service or to process transactions.

California: If your Paxful account has a California mailing address, we will not share personal information we collect about you except to the extent permitted under California law.

Vermont: If your Paxful account has a Vermont address, we will not share personal information we collect about you with nonaffiliates unless the law allows or you provide authorization.